Model change for Ansible Tower Credential

[jameswnl]

We're duplicating this api_creat code. We need to refactor this (next round)

[jameswnl]

@miq-bot add_labels wip, enhancement, providers/ansible_tower

[jameswnl]

@miq-bot remove_label wip

[Fryguy]

@bdunne Please review.

[bdunne]

Should we verify that the kind is ssh? Or merge that in as a default option?

[jameswnl]

Yeah, that was the same thing I am not sure about. Actually not just kind, my question is do we want to validate the input? and how much we want to validate? Or let Tower's validation does its work?

[bdunne]

My concern about kind is that this is a create on a particular leaf class. If you want to move this logic up to the superclass so that it is shared by all AutomationManager::Authentications, then I would be okay with letting Tower do all of the data validation. Is there a reason for this method to be on the leaf class rather than the superclass? (I don't think there's anything specific to this leaf class here)

[jameswnl]

I don't like this at all and that's why I have only done this to MachineCredential. I prefer this to be done at a higher level class. The existing AutomationManager::Authentication is not the right place because this particular behavior is Tower specific.
We need to insert another Authentication in the name space of Tower. Are you onboard with that?

[bdunne]

I agree, this is Tower specific logic and should live in ManageIQ::Providers::AnsibleTower::AutomationManager::Authentication

[jameswnl]

Great. It's in now

[bdunne]

I would expect to see :username here and maybe some other fields too.

[blomquisg]

Holding off merging this until #13879 is merged. I believe that #13879 is adding many of the automate models added here, too.

[Fryguy]

I don't understand this line. You shouldn't query against the resource_id as it's part of a polymorphic pair. You have to query with:

find_by(:resource => manager, :manager_ref => credential.id)

[Fryguy]

I really don't like this blocking call, but it is what it is for the existing pattern. cc @bdunne @agrare

[Fryguy]

Typically CRUD of native is done inside of a state machine like how provisioning does it where there is a step to create natively, poke the refresh asynchronously, then transition to a state where you can check asynchronously. All of these seems to be happening directly in this method, which means a worker is going to be completely locked waiting for refresh to complete.

I feel like a better approach for ANY CRUD of native objects is to use some sort of MiqTask, but not as it's done here. This task should call a method that natively creates the object, then pokes the refresh and then immediately returns. The MiqTask is then responsible for the next step of seeing if the refresh has completed. Once the MiqTask completes, it can use UI Notifications to tell the user that the object is ready.

So, for the use case of creating a credential and then using it during creating a repository, I would see:

• User creates the credential
• Creation request put in queue via a task and user is notified that "Request to create credential has started"
• Queue picks up the message, executes the native create, pokes the EmsRefresh
• Task then puts polling on the queue until the expected object is in the database.
• Task then notifies via UI notification, and marks itself as done.
• The User will then see the notification and can go create his repository. If he tries any earlier, the new cred just won't appear.

[Fryguy]

Or perhaps a ::Job is a better choice and create a "real" state machine

[Fryguy]

Another option is doing what's similar to the rhev create_vm event where we inject ourselves to create the object on the fly without impacting the EMS Refresh. cc @agrare

[bdunne]

The api_create method that this is based on is changing too, I agree with splitting the PR.

[jameswnl]

This PR is following the pattern established in #13495. And API create is the key goal of this PR. The modeling code will need refresh once GregB's new models PR is merged.

I can close this for now and re-create once the new pattern is established -- @bdunne is there a PR for the new changes?

[agrare]

If you have to return the id of the object that is created (and looks like you are) then the rhev refresh new vm is probably the right approach, just create the basic object kick off a refresh and return the new id.

Otherwise I'd love to put anything waiting for a refresh in a Task/Job state machine.

[Fryguy]

We just have to weigh time to implement versus current implementation. If we already do this "wait for refresh" elsewhere, we can continue that for now, with the plan to get away from it.

@jameswnl No need to close, just split the PR. This PR can just be the new models, and ApiCreate can be split out.

[Fryguy]

@jameswnl If you split the modeling from the ApiCreate stuff, then I can merge that independent. They are not related in this PR.

[blomquisg]

So, this PR is

1. APICreate, and
2. Some model hierarchy cleanup and adding some automate models.

For #1 we want to hold off and talk about the APICreate approach.

For #2, those models are part of #13879.

So, for now, I guess this PR can just be closed until we figure out the right approach for APICreate.

Thoughts? @jameswnl @Fryguy @bdunne

[jameswnl]

@blomquisg yes, that's what I think too. closing it.

[miq-bot]

Checked commits jameswnl/manageiq@fe4fd78~...c8e2fe2 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
9 files checked, 1 offense detected

spec/lib/miq_automation_engine/service_models/miq_ae_service_manageiq-providers-ansible_tower-automation_manager-credential_spec.rb

• ❗ - Line 1, Col 1 - Style/FileName - The name of this source file (miq_ae_service_manageiq-providers-ansible_tower-automation_manager-credential_spec.rb) should use snake_case.